Check Point Firewall Insight Pack

Posted: September 29, 2015 Modified: October 9, 2015


Overview

The Check Point Firewall Insight Pack gives operational administrators and users the ability to use IBM Operations Analytics – Log Analysis to analyse traffic on their installed Check Point firewalls. Users can monitor normal operational traffic (based on log content), showing the cadence of “accepts” and “denies” hitting the firewall. When they notice peaks, they can drill down into the messages of concern from possible port scans, host sweeps and general probing. Based on this information, they can take proactive measures to isolate the situation.

The Check Point Firewall Insight Pack Normal Service Dashboard

The Check Point Firewall dashboards will display various charts for the configured time period. These charts reflect the normal processing information from the Check Point Firewall_Normal.

Check Point Firewall Insight Pack Normal Service Dashboard

Additional information

The Insight Pack handles log content from the Check Point Firewall:

  • Normal logs
      • Operational traffic logs are for intrusion detection and contain the “accepts” and “denies” found in the main log. These entries are used for indicating port scans, host sweeps, and general probing.

  • Audit logs
      • This log tracks all changes made via the Check Point Firewall user interface.

Note: The Insight Pack utilizes the generally available Check Point log grabber routine: FW1-loggrabber OPSEC LEA client. To install the FW1-loggrabber OPSEC LEA client you will need to download the software from either one of the following sites:

The FW1-LogGrabber uses API functions from Check Point’s OPSEC SDK. Check Point Firewall entitled customers and users can download the SDK at the Check Point Software OPSEC SDK 6.0 for Linux site.

Refer to the Insight Pack documentation for additional information on the Insight Packs and steps for installing and configuring.

Training Information

Review the following video for information on using and setting up the Insight Pack.


Training and overview presentation used in the training video.


IBM Operations Analytics-Log Analysis Insight Packs for Networks- Standard Install License

Released: 29 September 2015
Version: 1.1.0.0
Cost: License Fee
Support: Supported


Requirements

  • IBM Operations Analytics – Log Analysis version 1.3.0 or above
  • Check Point Firewall R77.20
  • FW1-loggrabber OPSEC LEA client
  • OPSEC SDK 6.0 for Linux
  • Purchased “IBM Operations Analytics-Log Analysis Insight Packs for Networks- Standard Install License” for each installed Insight Pack.

Support

This package is subject to the License terms included with the Insight Pack, along with those displayed upon download.

To report a problem with deploying this entry, entitled customers may contact the country-specific IBM support channel; refer to the IBM Worldwide Directory. Also use the “Support” link to access the support site for IBM Operations Analytics – Log Analysis information.